[hackers] [slstatus] Properly handle *snprintf() errors || Laslo Hunhold from git_AT_suckless.org on 2018-05-17 (hackers mail list archive)

From: <git_AT_suckless.org>
Date: Thu, 17 May 2018 23:27:14 +0200 (CEST)

commit c83b388a3f8f7a8c8d5a5cfddb6ab397005371a1
Author: Laslo Hunhold <dev_AT_frign.de>
AuthorDate: Thu May 17 23:23:28 2018 +0200
Commit: Aaron Marcher <me_AT_drkhsh.at>
CommitDate: Thu May 17 23:26:56 2018 +0200

    Properly handle *snprintf() errors

    Posix guarantees that the resulting string is null-terminated, even if
    we have an overflow. Instead of doing what has already been done,
    properly warn when there has been an error or overflow, so the user can
    do something about it.

diff --git a/slstatus.c b/slstatus.c
index e8d367b..35bdcd6 100644
--- a/slstatus.c
+++ b/slstatus.c
_AT_@ -1,4 +1,5 @@
/* See LICENSE file for copyright and license details. */
+#include <errno.h>
#include <locale.h>
#include <signal.h>
#include <stdio.h>
_AT_@ -53,7 +54,7 @@ main(int argc, char *argv[])
         struct sigaction act;
         struct timespec start, current, diff, intspec, wait;
         size_t i, len;
- int sflag;
+ int sflag, ret;
         char status[MAXLEN];

         sflag = 0;
_AT_@ -88,12 +89,16 @@ main(int argc, char *argv[])
                 for (i = len = 0; i < LEN(args); i++) {
                         const char * res = args[i].func(args[i].args);
                         res = (res == NULL) ? unknown_str : res;
- len += snprintf(status + len, sizeof(status) - len,
- args[i].fmt, res);
-
- if (len >= sizeof(status)) {
- status[sizeof(status) - 1] = '\0';
+ if ((ret = snprintf(status + len, sizeof(status) - len,
+ args[i].fmt, res)) < 0) {
+ fprintf(stderr, "snprintf: %s\n",
+ strerror(errno));
+ break;
+ } else if ((size_t)ret >= sizeof(status) - len) {
+ fprintf(stderr, "snprintf: Output truncated\n");
+ break;
                         }
+ len += ret;
                 }

                 if (sflag) {
diff --git a/util.c b/util.c
index 8808aba..6113049 100644
--- a/util.c
+++ b/util.c
_AT_@ -10,15 +10,15 @@ const char *
bprintf(const char *fmt, ...)
{
         va_list ap;
- size_t len;
+ int ret;

         va_start(ap, fmt);
- len = vsnprintf(buf, sizeof(buf) - 1, fmt, ap);
- va_end(ap);
-
- if (len >= sizeof(buf)) {
- buf[sizeof(buf)-1] = '\0';
+ if ((ret = vsnprintf(buf, sizeof(buf), fmt, ap)) < 0) {
+ fprintf(stderr, "vsnprintf: %s\n", strerror(errno));
+ } else if ((size_t)ret >= sizeof(buf)) {
+ fprintf(stderr, "vsnprintf: Output truncated\n");
         }
+ va_end(ap);

         return buf;
}
Received on Thu May 17 2018 - 23:27:14 CEST

This archive was generated by hypermail 2.3.0 : Thu May 17 2018 - 23:36:22 CEST